Hybrid Cryptography: Off-The-Record Framework

Published Feb 15, 2017Last updated Mar 06, 2017
Hybrid Cryptography: Off-The-Record Framework


Privacy is daily concern for many Internet users. Eavesdropping user's content and using it for various reasons are not desired by most application users. Trusting communication channel, service provider, or the government to not intercept your content is not a good enough idea.


OTR framework solves this problem by cryptographically processing the user's content in transit and at rest. No eavesdropper can read the content, not even the service provider.

This framework currently has a Java library.

Simpler Java Interface

Bob sending message

OTRClient bobClient = OTRClient.get(config);
bobClint.login("bob", "password");
bobClient.sendMessage("Hello Alice", ALICE_USER_ID);

Alice recieving message

OTRClient aliceClient = OTRClient.get(config);
aliceClient.login("alice", "password");

Protocol Explanation

OTR4J uses hybrid cryptography system. It uses RSA and ECDH for key exchanges and AES encryption. Technical details of protocol an be found here.

OWASP Support

You can find the OWASP support here: https://www.owasp.org/index.php/OWASP_Off_the_record_4_Java_Project

Contribution Needed

There are multiple ways for you to participate in the project.

  • Feature request: Raise your feature request here with detailed information.

  • Contribute code: Pick an open issue, forkoff the github repository and create PR.

  • Help through awareness: One of the quarter goal is to spread awareness.

You can help here by mentioning this project in your blog, tweets and through any other media.

This tutorial was originally posted by the author here. This version has been edited for clarity and may appear different from the original post.

Discover and read more posts from Jigar Joshi
get started